Date: Fri, 22 Feb 2019 19:48:37 +0100 From: "Patrick M. Hausen" <hausen@punkt.de> To: FreeBSD Net <freebsd-net@freebsd.org>, freebsd-jail@freebsd.org Subject: Re: Performance issues with VNET/bridge/VLAN Message-ID: <8ABA2B5F-6A94-4907-B623-6B7E9BC83CB3@punkt.de> In-Reply-To: <355c746ae7ec884407299e2649283cfc@ellael.org> References: <9B0EC546-38E6-424E-9CC9-93F4C58B296F@punkt.de> <355c746ae7ec884407299e2649283cfc@ellael.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi! > Am 22.02.2019 um 18:03 schrieb Michael Grimm <trashcan@ellael.org>: >=20 > Am 2019-02-22 11:31, schrieb Patrick M. Hausen: >=20 > [x-posted to freebsd-jail@freebsd.org] >=20 >> The machine is an iocage jail host, all jails with VNET. >> The problem is: network performance in the jails (not on the host!) = is abysmal >> with the second setup. Not consistently so, everything *seems* to = work >> but e.g. a customer complained that checking out a project from = github >> happend at 15k/s =E2=80=A6 that=E2=80=99s when we started to = investigate. >=20 > [...] >=20 >> *Any* idea what might be going on here? We use VNET all the same on = all the >> hosts and it is still labelled =E2=80=9Eexperimental", yes. But all = the parts that >> make up the different setups - bridge(4), vlan(4) - have been in = FreeBSD >> for ages. I=E2=80=99m just combining features orthogonally like every = good sysadmin ;-) >> If someone is willing to do some investigation, I think I can provide = a test >> system and remote access =E2=80=A6 >=20 > This sounds familiar to me, please have a look at the following two = threads: >=20 > = https://lists.freebsd.org/pipermail/freebsd-jail/2019-February/003684.html= > = https://lists.freebsd.org/pipermail/freebsd-net/2017-December/049470.html >=20 > If your hosts run on cloud infrastructure odds are that the mentioned = settings will work in your case. Bare metal. We *provide* cloud infrastructure by the means of jails and = VNET. See this URL for the shameless marketing plug [tm] ;-) Or my talk at = EuroBSDCon 2017 in Paris. https://infrastructure.punkt.de/de/produkte/proserver.html And no PF, no NAT, no IPFW - just the setup I showed in my first mail and of course epair(4) interfaces added to the bridge by iocage =E2=80=A6 We happened to have a handful of servers without enough free uplink = ports in the respective racks and thought we could get away cheaply using = trunks and VLANs. But I=E2=80=99ll fiddle with LRO nonetheless and report if that changes = anything. Thanks Patrick --=20 punkt.de GmbH Internet - Dienstleistungen - Beratung Kaiserallee 13a Tel.: 0721 9109-0 Fax: -100 76133 Karlsruhe info@punkt.de http://punkt.de AG Mannheim 108285 Gf: Juergen Egeling
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8ABA2B5F-6A94-4907-B623-6B7E9BC83CB3>